Security Manual Template

ISO27000, Sarbanes-Oxley, PCI-DSS & HIPAA Compliant

Multi-Country License Options

The Global Standard for Security Policies and Procedures

The license for the Security Manual Template can be purchased for use by a single company in a single country, by a single company in a country group such as the EU, or by a single company for worldwide use.

License Options

  • Standard License - A single (1) country for a single (1) company (DUNS number)

  • Enterprise License - A country group (North America, Central America, South America, EU, Africa, Middle East, Asia, or Pan-Pacific) for multiple related company groups

  • Worldwide License - Worldwide (International) use for multiple related company groups

License Conditions

The template can be placed on the enterprise's Intranet and used as the standard for all divisions and operating units of the enterprise. The template is not for re-sale or re-distribution by consultants or VARs. If a consultant or a VAR wishes to use it for its clients, Janco Associates should be contacted directly.

Janco can provide coordination services for the enterprise on a time and materials basis. In addition, Janco can save copies of a company's customized DRP in its archives for later retrieval by the enterprise.

Contact us directly for pricing of these services at +011 435 940-9300 x 101.


Testimonials

Testimonial - Dave Baker - City of Hamilton - I have found the Janco template invaluable!

Testimonial - Bob Rifenbury - MCSE/CCNA Lauch Testing Lab - The Janco Template saved me about 6 months of work!

Testimonial - Kelly Keeler - Martin's Point Health Care - I have received and I began using the template immediately. IT IS GREAT! Made this process a snap for me. Cut my documentation time down from weeks to hours! This document has made what began to be an overwhelming process turn into a snap!

Testimonial - Juan Stamos - Mexico City Corporation - We had a DRP in place, but needed a more user-friendly structure. The Security Manual Template (Gold edition) has that structure. It was very easy to quickly move our policies into Janco's DRP Template -- a real added value.


This template is not for resale or re-distribution


 


Security Policies and Procedures Multi-Site Implementation Considerations


BYOD impacts mobile device policy

May 12th, 2012

CIOs are looking into a wide range of devices. Most published data shows that the largest capital expenditures are related to mobile devices: tablets (rising), laptops (declining), and smartphones (rising). A "post-laptop" era may not necessarily mean that laptops will disappear from the workplace. Rather, smartphones and tablets can perform certain functions more efficiently than a laptop. Aside from communication, smartphones are mostly used for very light work, such as checking email or quick web browsing. Tablet users find a broader variety of applications, including note-taking and presentations.

One implication is that CIOs will need to manage a suite of three devices for those workers who require flexibility in their computing options. Many CIOs are exploring mobile device management (MDM) tools, while others are adopting Bring Your Own Device (BYOD) policies by giving workers device stipends and transferring the liability and support away from the IT department.


Infrastructure focus of IT Budgets

April 29th, 2012

Mobility and wireless network infrastructures are the big takers when it comes to IT budget planning for 2012, according to a research study. Organizations are moving to the next stage of the IT infrastructure build-out across multiple budget areas, and the 2012 IT Investment Patterns Study shows how the strategy trends of innovation, integration and reversion are having a significant impact on 2012 spending patterns.

The IT environment is too complex to rely on outmoded ways of keeping the business functioning and thriving. To balance the many crucial and changing enterprise demands that move the organization forward, an IT governance process is required. Several factors raise the expectations placed on IT, namely the growth of the Internet, compliance concerns, mobile computing and advanced security risks, and each is a reason for the critical need for IT governance. Instituting a governance process can serve as a catalyst that brings together the dynamics of cross-enterprise communication and summarizes key, relevant data to provide the critical metrics needed to make informed decisions.


Cloud becomes more robust

April 13th, 2012

CloudOn does several things right. First, it uses your Dropbox or Box cloud storage to save and access the files you are working on, and you can use both services, for example to separate personal and work projects. That means no messy file transfers before you go or when on the road, as OnLive requires. Your files are accessible from a variety of devices, including your iPad for access by other apps. If you use Box's enterprise service offering, you can even work on files in a workgroup setting and under IT management policies.

Second, CloudOn uses native iOS capabilities where it makes sense. For example, when working with text, you get the iPad's own onscreen keyboard, or you can use a Bluetooth keyboard if you have one, not the funky, too-small Windows 7 floating keyboard. CloudOn even adds Windows-specific keys to the standard onscreen iPad keyboard: the Ctrl, Alt, Del, and Esc keys, the F1 through F12 function keys, and the four cursor keys. You also get file sharing via email using the standard iOS Share facility.


BYOD Policy

April 5th, 2012

With the advent of user-owned devices and the ever-increasing mandated requirements for record retention and security, CIOs are challenged to manage in an ever more complex and changing environment.

Before you start the process of implementing BYOD policies, the CIO needs to ensure that what is created meets the enterprise's compliance, culture and operational requirements. This requires defining the scope and objectives of the policy:

  • Cost - Who will pay for the data plan? What rewards will you provide to get people to buy in?
  • Agree to Acceptable Use - What terms will you include in your Acceptable Usage Policy, and how will you ensure your employees understand and agree to it?
  • Mandated requirements - You will have to account for factors such as open source variables for Android implementations on different devices and any security or regulatory requirements that relate to your industry (e.g. HIPAA compliance in healthcare).
  • Security - Will the policy state how you enforce passwords? Encryption? Do you want to blacklist any applications?
  • Management - How will you manage the devices connected to your network?


Major data breach

April 2nd, 2012

Global Payments: the data breach is contained, but the company has been removed as a credit card processor by Visa and MasterCard.

Security incidents are rising at an alarming rate every year. As the complexity of the threats increases, so do the security measures required to protect networks and enterprise critical data. CIOs, Data center operators, network administrators, and other IT professionals need to comprehend the basics of security in order to safely deploy and manage data and networks today.

It was first reported that Global Payments suffered a security breach in which as many as 50,000 cardholders may have had their information exposed. After some investigation, that number escalated to over 1,500,000.

Global Payments processes card payments between merchants and banks, sitting in the middle-ground directing where payment data should go.

Global Payments, a third-party payments processor to Visa and MasterCard credit and debit cards, said that while customer data may be at risk, the data breach has been "contained to the best of our ability."



Apple uses bogus number to mis-direct media attention

March 8th, 2012

Apple says that it has created or supported more than 500,000 jobs. Phishing attacks cost the economy $234 billion a year. And giving social and mobile CRM tools to salespeople makes them 26.4 percent more productive. This is all PR hype.

Apple's attempt at statistical flimflammery is offensive because it is a transparent attempt to change the public conversation about Apple from the question of poor labor practices in the Chinese factories that make iPhones and iPads to job creation.



Older workers are not retiring

March 1st, 2012

Few mature professionals are planning to retire soon, according to CareerBuilder. Fifty-seven percent of workers age 60 plus surveyed said they would look for a new job after retiring from their current company. Some continue working to compensate for the hit personal and retirement savings took during the recession. But it's not all about money.

Many still feel they have too much to contribute to even consider retirement. And many employers agree; several said they plan to hire older employees this year. Whether mature workers are motivated by financial concerns or simply enjoy going to work every day, we're seeing more people move away from the traditional definition of retirement to seek employment in new jobs. At the same time, employers are seeing the value these mature workers can bring to an organization, from their intellectual capital to their mentoring and training capabilities.


Cloud management for DOD won by a small business

February 24th, 2012

Data Computer Corporation of America has won two Defense Department task orders worth roughly $4.3 million for cloud computing services.

Under the terms of the task orders, which will be completed over a two-year time period, the company will provide the DOD with cloud computing design and development, as well as operations and maintenance support services.

The company, a small business, will provide expertise in cloud computing architecture design and development, as well as software analysis, design, integration and testing.

In addition, they will perform cloud architecture integration, including map-reduce processing, application management, and data visualization.


Cybersecurity Act of 2012 gives DHS control of Internet

February 15th, 2012

The Cybersecurity Act of 2012 calls for the Department of Homeland Security (DHS) to assess risks and vulnerabilities of computer systems running at critical infrastructure sites such as power companies and electricity and water utilities and to work with the operators to develop security standards that they would be required to meet.

Senators are taking another crack at pushing a broad cybersecurity bill three years in the making, once again stripping a controversial Internet "kill switch" and making other concessions in a bid to find an elusive bipartisan majority in an election year. 


The DHS would determine which companies fit the definition of critical infrastructure as defined by systems "whose disruption from a cyber attack would cause mass death, evacuation, or major damage to the economy, national security, or daily life." Companies would have the right to appeal the designation, under the measure introduced by Sens. John D. (Jay) Rockefeller IV, (D-West Virginia), Joe Lieberman (I-Connecticut), Susan Collins (R-Maine) and Dianne Feinstein (D-California).

Owners or operators of critical infrastructure systems would need to determine how best to meet performance requirements and to verify that they were doing so, with owners having the ability to either "self-certify" compliance or use a third-party assessor.


Hiring trend up for IT Pros

February 8th, 2012

Demand for IT professionals is steadily increasing, and confidence is rising once again. The latest IT Employee Confidence Index reveals that optimism levels have climbed.

CIO and HR executives are seeing great demand for project managers, analytics professionals and .NET application developers, demonstrating that companies are opening their budgets and embracing technology implementation. And one-quarter of all employers are actively looking for new staff, meaning CIOs and other tech managers must focus on the needs of IT teams to avoid unnecessary hiring and re-training costs.


iPhone5 to make remote computing easier

January 28th, 2012

According to the Jan. 25 report's "reliable source at Foxconn in China," the various prototypes circulating around that production facility share some common features, including a 4-plus-inch display and a casing that no longer follows the design aesthetics of the iPhone 4 and iPhone 4S. "No teardrop-shaped devices, as rumored in the lead up to the iPhone 4S," related 9to5Mac. "Samples so far have been symmetrical in thickness (also longer/wider)."

Scuttlebutt concerning a larger iPhone 5 screen has been circulating for some time, as the blog points out. That being said, variations between the prototypes suggest that Apple has yet to settle on a release version. If Apple follows the release cadence it established with previous iPhone iterations, this newest smartphone could make its debut in either the summer or early fall timeframe.


IT Hiring Trends

January 16th, 2012

If you've been promising your loyal IT staffers that you'll take care of them with raises when the economy turns around, 2012 is unlikely to be the year you get to make good on those promises. While employees in some roles will see increases this year, raises will be held in check, according to the most recent annual salary survey and forecast from Janco Associates. And CIOs and other executive-level IT managers will be in the same boat, likely to see level compensation from last year.

Find out what it's all about. See the 2012 IT Salary Survey.


Factors to Consider in a Disaster Recovery & Business Continuity Plan

January 8th, 2012

The Janco Disaster Recovery Plan & Business Continuity Template takes into consideration all of the items related to the various layers of operations that most enterprises need to consider if they want to continue after a disaster occurs. These include:

  • Strategy - Items related to the strategies used by the business to complete day-to-day activities while enabling continuous operations. Examples include financial, manufacturing and disaster recovery strategies.
  • Organization - Items related to the structure, skills, communications and responsibilities of your employees. Examples include human resources, training, and internal and external communications.
  • Applications and data - Items related to the software necessary to enable business operations, as well as the method used to develop that software. Examples include customer relationship management (CRM) applications, enterprise resource planning (ERP) applications, databases and transaction processors.
  • Processes - Items related to the critical business processes necessary to run the business, as well as the IT processes used to ensure smooth operations. Examples include accounts receivable, accounts payable, change management and problem management.
  • Technology - Items related to the systems, network and industry-specific technology necessary to enable your applications and data. Examples include host systems, workstations and Internet Protocol (IP) networks.
  • Facilities - Items related to the buildings, factories and offices necessary to house your organization and your production or service technologies. Examples include data centers, office buildings and physical security operations.


Patch Management Policy Released

December 13th, 2011

With the ever rising availability of enterprise data to mobile users there has been a significant increase in security exposure for information and network assets. The CEO of Janco Associates said, "As many as 90 percent of successful attacks are against vulnerabilities in which a patch already exists. Despite this statistic, many computers do not have the latest security patches installed, putting organizations at serious risk from a variety of malware threats. Patches are time-consuming to track and administer, and it is often difficult to see which computers actually have critical patches installed correctly. Without this visibility, IT managers have no simple method of identifying computers most at risk." He added, "To meet this requirement Janco has added a Patch Management Policy to its popular CIO Infrastructure Policy Bundle."



Microsoft's IE follows Firefox: spell check to be added

November 9th, 2011

Firefox has had spell check implemented for several versions. Microsoft is now trying to catch up.

Microsoft is adding a commonly requested feature, spell-checking, to Internet Explorer (IE) 10. The feature is part of the already-released IE 10 developer previews, but Microsoft called it out and explained it in detail on the IEBlog.

IE 9 doesn't include spell-checking. That lacking feature is cited by more than a few users as one reason they aren't using IE 9. But because IE 10 will be the version of IE bundled with Windows 8, which will be optimized for touch input, spell checking is no longer taking a back seat.



Healthcare IT jobs are plentiful

November 8th, 2011

Many IT pros have lost jobs; however, healthcare is hiring to fill an expected shortage of 50,000 workers to support implementation of electronic health records and health information exchange. HIMSS and ASHHRA want to let technology professionals know, and they want to have access to each other's knowledge.

Health Care vs. Financial Services Job Growth

Employment is on the rise in healthcare IT, and spending will reach $40 billion by the end of this year. Much of that growth will come from spending on electronic health record (EHR) systems, mobile health applications and efforts to comply with new government standards. Boosted by increased spending on healthcare software, which is needed for the rollout of EHR systems, the U.S. healthcare IT market is expected to grow at a rate of about 24% per year from 2012 to 2014, the study said. Spending on healthcare software rose 20.5% in the past year, from $6.8 billion in 2010 to a projected $8.2 billion this year. Recent mergers and acquisitions in the healthcare IT market also point to growing private-sector interest in software, which will see sales grow at a rate of more than 30% annually from 2012 to 2014.

The federal government is devoting $116 million to health IT workforce training in the form of grants to community colleges and graduate medical informatics programs, as well as curriculum development, but that alone won't be enough to make up the entire labor shortage.



Malware attacks increase

November 5th, 2011

Malware is complex and seemingly everywhere and is often difficult to stop. It knows how to find your data - even on your mobile device and Mac. You can't ignore your "safe" devices any longer: you need to recognize and stop the threats before they do harm.

Malicious software can take the form of a computer virus or worm and disrupt or deny computer operations, steal private or sensitive information or gain unauthorized access to system resources. Since January 2011, serious malware attacks have hit many high-profile organizations that suffered damaging data loss. Some attacks were for kicks, some for money, some for political hacktivist reasons and some for reasons unknown.

One of the best ways to communicate and understand a company and its operating culture is through its policies. Designing and writing policy and communicating it effectively is an essential skill for professionals to have. By having policy carefully developed and communicated, employees will clearly know what the organization expects from them, the degree of control and independence they will have, and what the benefits and consequences are in regard to adhering to policy.

The policies that Janco has created are a must-have for every enterprise. They can all be accessed by going to the Policy Master Page, or the individual policies can be accessed directly by clicking on the links below.

The policies have just been updated to comply with all mandated requirements and include electronic forms that can be emailed, filled out completely on the computer, routed and stored electronically. A total solution that uses technology at its best.


Tax liability impacted by disaster recovery plan

October 27th, 2011

Keeping track of tax liability among multiple states can get complicated. If you have three servers in three states, software could be running in any one at any time, so you'd have to consider presence in all three states. For example, if you have a disaster recovery site in Pennsylvania, that establishes presence in that state. A third party runs it; you may never have people going there and no one touches it, but you have a tax liability in that state. For customers who buy services, even though they're buying from a provider in California, they have to pay sales tax in Pennsylvania because they have a presence there.

Sales and use tax boils down to where a business has a physical presence that opens it up to tax liability within that jurisdiction. But when it comes to the cloud - where services are sold to customers who may access them anywhere from servers located who-knows-where by companies that may be headquartered anyplace - determining presence, and the liabilities that go with it, is anything but straightforward.

The state of New York has ruled that presence is determined by where an application is used, not where it is hosted. The location of the software code, according to the 2009 opinion of the New York Commissioner of Taxation and Finance, was deemed irrelevant "... because the software could be used just as effectively by the customer even though the customer never received the code on a tangible medium or by download." (Meaning, the customer accessed the software through a browser, as is the case with cloud services.) The fact that the cloud contract provided no grant of license to use software was not found controlling. In other words, the cloud provider should be collecting sales and use tax just as if it were mailing disks to the customer, and the customer should be paying whether or not it receives a perpetual license.

Many states are moving toward an economic presence standard whereby out-of-state businesses establish presence when making sales through an agreement with a person located in that state and the in-state person refers customers to the out-of-state business through a website link.



Record Retention for the long-term

October 16th, 2011

A whopping 80 percent of the organizations studied have reported a need to retain electronic records for more than 50 years. Can your enterprise store 50 years of electronic records given current technology? Without data loss? Do you think that you can do more than three migrations of archival data from one storage medium to the next without data loss?

How many consumers using Internet photo service sites think that their digitized images will still be there 50 years from now?

To address those questions the 100 Year Archive Task Force (100YrATF), operated by the SNIA's Data Management Forum, is a global, multi-agency group working to define best practices and storage standards for long-term digital information retention.

The 100 Yr ATF was created by SNIA because of the pending crisis in long-term preservation of digital information in the IT datacenter. The crisis has two principal challenges:

  • Losing information that is stored digitally due to corruption, loss of access, loss of discoverability, or loss of readability
  • Losing control of the ability to keep up with migrating the overwhelming volume of information to new media and into new logical formats.


What role does the CEO have in the CIO's success?

October 9th, 2011

Why should senior management care about their CIOs' problems? Knowing what concerns the CIO could be a first step toward building what could be a more effective IT organization.

  • CIOs are hired to be strategic, but spend most of their time in the weeds
    Since infrastructure uses up 80% of the IT budget, it's no wonder they have difficulty getting to the value-added projects. There is no easy solution to the tension between strategic expectations and operational exigencies, but outsourcing much of what is a commodity, and focusing on competitive differentiators, is a good place to start.

  • CIOs are stewards of risk mitigation and cost containment, yet they need to drive innovation
    How do you build a culture in which you both tightly control costs yet allow for the failures that everyone knows come with innovation? How do you maintain a locked-down, high-security armored tank of an infrastructure while allowing for the openness that experimentation requires? The problem of securing an organization's data while supporting the innovation that springs from creative employees demanding to use their own devices, build their own applications, and choose their own platforms grows more intense by the day.

  • Technology is a long-term investment, but many companies think in quarters
    Ten years ago, CIOs had to convince the purchasing group that automating reverse auctions was better than paper RFPs, and that took time. Today, CIOs do not have to convince the business of anything. They assume it will work and they want the payout within a quarter.  While CIOs face constrained budgets, the demands on technology only increase. This paradox has plagued the IT organization for 30 years and is heating up now that software-as-a-service (SaaS) vendors increasingly are selling directly to business leaders, promising quick ROI. Then it falls to the CIO to make sure these apps integrate smoothly and securely with the organization's core systems.

  • IT pervades and serves every part of the business, yet the IT organization is often removed from it
    You would think the word "and" would function as a connector, a word that implies togetherness. Yet the phrase "IT and the business" does not work that way. Rather, it connotes separateness and difference, creating an us-versus-them culture that belies the actual isolation of IT. The language people use to describe a group has a powerful impact on how it's perceived. If you can manage it, CEOs and senior management should stop using that phrase themselves and encourage others to drop it from their lexicon. But changing language is only one step. Today, CIOs are hiring business relationship executives in the hope of eliminating a useless distinction and a distracting divide.

  • CIOs are accountable for project success, but the business has to own the project
    Most CIOs proudly proclaim that in their organization, "There are no IT projects, only business projects." This is a wonderful sentiment, but it often becomes a problem during the last mile when the business has to pony up resources to complete an IT implementation. CIOs often say, "How do you drive something you cannot really own? If you drive it yourself, people will say, 'Why is this guy doing things to us?'" So, yes, all IT projects should be business projects, but the business needs to be a good-faith partner with IT.

The best CIOs have figured out how to manage up, around, and through these contradictions, but it is harder without the awareness and support of an enlightened CEO and executive committee.
